A patched flaw in Ollama allows for drive-by attacks via malicious websites that can spy on user chats and control AI models. Discovered by Chris Moberly, the vulnerability was reported on July 31 and patched hours later in version 0.10.1. The issue lies in incomplete cross-origin controls of the new web service for the GUI app and affects both Mac and Windows systems, but not the core API. Reports indicate no known exploitation prior to the patch release.
Exploiting this in the wild would be trivial. There is a little bit of work to build the proper attack infrastructure and to get the interception service working, but it's something an LLM could write pretty easily.
There's no evidence it was exploited in the wild. Hopefully everyone is able to patch before that happens. Those who installed via the official application installers receive auto-updates and just need to restart the app to apply it.
Collection
[
|
...
]